LXC and mount point. Permission denied

[kast0r]

Hello,

I have mounted a drive on the host to allow the container to see it. (Transmission server) which works well. However, the mount shows "nobody" on security, so Transmission is not able to upload torrents to this mount due to permission denied. I'm trying to figure out the "Using local directory bind mount points" portion on wiki, but it's not very clear in my head.

On the host, security is root:root (uid 0:0). The user who should be able to write to the folder is debian-transmission whose uid is 109:117.

How can I allow this user to be able to write to this folder, despite it being root who created the share? Even re-reading several times or reading comments on other posts, I'm not able to get a clear idea how I can make this work.

Thanks again!

 

[Dunuin]

Unprivileges LXCs use user/group remapping. So user/group UID/GID 0-65535 inside the LXC will be UID/GID 100000-165535 on the host. If you want to access the bind-mount from inside the LXC with UID 109 and GID 117 that bind-mounted folder would need to be owned by UID 100109 and GID 100117 on the host.
See https://pve.proxmox.com/wiki/Unprivileged_LXC_containers on how to edit the user remapping in case you need the files to be owned by UID 109 and GID 17 on the host too.

 

[kast0r]

Here is an update of what I did.. and I don't understand why it works now.

I changed the owner and the group on the folder on the host

chown 100109:100117 /shared/downloads

On the container, the user and the group is the correct one. And Transmission works. It can download the torrents to the folder in question.

The problem is that I didn't do the steps to change the container UID mapping in the file, didn't edit etc/suibuid and didn't edit /etc/subguid either.

Why is it necessary to do the 3 steps mentioned if I can only change on the host with the chown command?

When I tried doing the 3 steps I was never able to get it to work.

Thanks!

 

[Dunuin]

Its for example necessary if that folder you want to bind-mount on the host needs to be owned by a specific user. For example if it is a NFS/SMB share or a user on the host other than root needs to access it and you dont want to 'chmod 777' it.

If the edit user remapping didn't work you did it wrong.

 

[pkr]

Here is an update of what I did.. and I don't understand why it works now.

I changed the owner and the group on the folder on the host

chown 100109:100117 /shared/downloads

On the container, the user and the group is the correct one. And Transmission works. It can download the torrents to the folder in question.

The problem is that I didn't do the steps to change the container UID mapping in the file, didn't edit etc/suibuid and didn't edit /etc/subguid either.

Why is it necessary to do the 3 steps mentioned if I can only change on the host with the chown command?

When I tried doing the 3 steps I was never able to get it to work.

Thanks!

after trying several other options, and it did not work

i tried your suggested option, and it worked - thank you

 

[SteveCliff]

@Dunuin - your answer should be written in gold and posted everywhere lol!

Thank you - it was exactly what I needed. After reading about 50 other posts and getting seriously confused on about lxc.idmap settings this was a breathe of fresh air and worked perfectly for my use case.